Data Protection Impact Assessments are a key step in delivery ‘Privacy by Design’ across systems that hold or process personal data. Regulation such as the GDPR obligate organisation to conduct DPIA’s as part of system development, deployment and enhancement. Your Data Protection Officer or Risk Management team should have produced a DPIA checklist or application but key to your compliance success is embedding the practice of completing the assessments.

The diagram below shows a typical iterative application application or system development cycle that has been enhanced to include where DPIA’s should be conducted. Building DPIA’s into your organisations development process is key to embedding DPIA’s into your organisations culture.

In our experience conducting DPIA’s as sub-iterations of the design step means that the DPO Function or Risk Management Function can quickly sign-off designs for their privacy protection before build commences.